European Space Agency hit again as cybercrims claim 200 GB data up for sale
The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited. Meanwhile, miscreants boast that they've made off with a trove of data, including what they claim are confidential documents, credentials, and source code.
While the ESA said it's aware of a security incident, it added in an X post Tuesday that the breach may have impacted only "a very small number of external servers" used to support unclassified engineering and scientific collaboration.
"We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices," the ESA added. "All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available."
That's in contrast to what one cybercriminal posted in their offer of over 200 GB of ESA data for sale on the still-not-dead BreachForums the day after Christmas, according to screenshots grabbed from the seemingly impossible-to-kill cybercrime forum.
According to the alleged attacker, they gained access to ESA-linked external servers on December 18, and were connected "for about a week," during which they claim to have stolen source code files, CI/CD pipelines, API and access tokens, confidential documents, configuration files, Terraform files, SQL files, hardcoded credentials, and a dump of "all their private Bitbucket repositories as well."
We reached out to the ESA to get more information about the status of its investigation, and more specifics on what sort of servers were breached, but didn't hear back, with an automated response informing us that the Agency's offices are closed for the New Year holiday.
As noted above, this isn't the first time the ESA has experienced a security incident, nor the first time it has said the affected systems were external to its core networks.
The Space Agency's online store was hit by attackers last year shortly before the Christmas holiday, with miscreants inserting a fake payment page to nab customer info while unsuspecting users were shopping for space-themed holiday gifts. The ESA, naturally, said it's not in charge of its own online store.
A trio of ESA domains was compromised in 2015 via an SQL vulnerability, resulting in the theft and leak of information belonging to thousands of subscribers and some ESA staff.
Just a few years prior to that, in 2011, the ESA was also breached, with an attacker publishing administrator, content management, and FTP login credentials, along with Apache server config files, online for all to see. As was the case with this latest incident and last year's store attack, the ESA said the 2011 breach didn't affect the Agency's internal networks.
Fair enough - but this sure feels like a pattern. ®